Any discussion of the background art throughout the specification should in no way be considered as an admission that such art is widely known or forms part of common general knowledge in the field.
There are various situations where a desire exists to restrict access to certain documents. This is achieved by setting permissions for a document. In general terms, a common approach for managing document permissions is to associate a given document with one or more permissions, and compare those with permissions granted to a user.
Maintenance of security of electronic documents (such as files) is an important aspect of any multiuser system. Various users (based on their position in a formal hierarchy) may have various access rights for a given document. For example, some users may be denied access to it, some may be allowed to only read it, some may be allowed to read as well as modify it whereas some others may be able to only execute it. Both the maintenance of the access rights of the various uses for the different documents stored on the system as well as controlling document access in accordance with these stored access rights are crucial for a successful system operation.
Therefore there is a need in the industry for developing an improved process for providing security access policy in a document management system. This should be based on a combination of the formal organisational hierarchy and a permission hierarchy to simplify administration and to establish clear ownership of objects within the system. This would be simplified and natural group-based administration rather than basing it on more artificial technology-based aggregations such as “sites” or “subsites” or “lists”. It should also allow for both inheritance of permissions throughout the hierarchy and enforcement of combined exclusive permissions (“subtractive” permissions) based on membership in multiple groups.